Tag Archive for: heists

North Korea’s missile program partly funded by crypto heists


According to various news outlets, North Korean hackers have been responsible for stealing billions of dollars in cryptocurrency over the years. These funds have allegedly been funneled into developing the Democratic People’s Republic of Korea (DPRK) ballistic missile program. The DPRK has trained hackers to impersonate employees and tech workers to exploit security vulnerabilities and walk away with $3 billion in cryptocurrency.

How North Korean hackers dupe people

According to The Wall Street Journal, an engineer working for a blockchain gaming company was contacted by a recruiter via LinkedIn. He was under the impression that he was being offered a higher-paying job. However, the engineer unknowingly fell into a trap set by North Korean hackers. They forwarded a document disguised as part of the interview process, which turned out to be malicious code that granted the hackers access to his computer, leading to the eventual theft of $600 million in crypto.


Axie Infinity hack highlights DPRK cryptocurrency heists


Despite how enormous it was, the Axie Infinity heist marked only the latest chapter in the story of North Korean financial cybercrime.

Sky Mavis, the developer of popular nonfungible token (NFT) video game Axie Infinity, lost hundreds of millions of dollars in assets when they were stolen by hackers on March 23. The attack occurred via a breach of the Ronin bridge that exists as part of the Ronin Network sidechain (also developed by Sky Mavis).

The breach occurred when attackers gained control of a series of validator nodes attached to Axie Infinity to conduct fake withdrawals. Hackers stole 173,600 Ethereum and 25.5 million USD Coin, worth approximately $620 million at the time (and about $375 million as of this writing).

Three weeks after the initial attack and two weeks after it was disclosed, the FBI formally attributed the attack to the Lazarus Group and APT38, nation-state threat groups tied to the North Korean government.

The Axie Infinity heist is not the first cryptocurrency heist for the Democratic People’s Republic of Korea (DPRK). Blockchain analytics firm Chainalysis reported that last year the country stole nearly $400 million in at least seven attacks against cryptocurrency platforms. The North Korean government also has a lengthy history with financially motivated cybercrime.

But the Axie Infinity hack represents an enormous theft on behalf of Kim Jong Un’s regime, and acts as the latest in a long line of big-game heists against cryptocurrency platforms.

The reason for these attacks, based on conversations with experts on both cryptocurrency and North Korea, appears to be a combination of opportunity and a highly adaptive offensive cyberoperation.

[Image: Axie Infinity artwork showcasing its virtual pet characters. Credit: Sky Mavis]

An unconventional nation-state threat

North Korea is a small, insular nation with an estimated population of 25 million people. Despite its size, the country’s enormous military and cybersecurity investments have made it one of the United States’ “big four” nation-state adversaries along with Russia, Iran and China.

CrowdStrike senior vice president of intelligence Adam Meyers told SearchSecurity last year that overwhelmingly, the goal of…


Billion dollar heists, missing cryptoqueens: Six must-listen cyber podcasts


The Lazarus Heist

Another BBC production, this one telling the story of the most daring bank theft ever attempted – and you probably haven’t even heard of it.

But the story is much more complicated than that.

Geoff White and Jean Lee are the hosts who combine to tell the story of how North Korea, Kim Jong-un and an international math Olympian are involved – and how a single word made all the difference in the attempted heist.

It all starts somewhere you might not expect, too – the infamous hack of Sony in 2014, linked to Seth Rogen movie The Interview.

How did the hackers get access to Sony’s servers and what exactly does it have to do with an attempt to steal a billion dollars? You’ll have your answer in just 10 highly-engaging episodes.

Exit Scam

Exit Scam is a short, eight-part documentary series that deals with the life and apparent death of Gerald Cotten, the founder of Canada’s biggest bitcoin exchange, Quadriga.

Cotten died in India in mysterious circumstances on his honeymoon in 2018 – and afterwards it emerged C$215 million that had been invested in his company had disappeared forever.

Initially it was thought it was because his passwords had been lost, but it turns out that wasn’t the case.

Host Aaron Lammer and producer Lane Brown spent two years investigating Cotten, his business – and his death, because not everyone thinks Cotten is dead.

Interviews with those who knew Cotten are mixed with experts, including one who specialises in finding people who have faked their deaths, to tell this amazing story.

Grumpy Old Geeks

This isn’t solely dedicated to cybersecurity or cryptocurrency, but those subjects are dealt with all of the time, and with a healthy dose of scepticism and snark by Jason DeFillippo and Brian Schulmeister.

Their weekly guest Dave Bittner is a security expert who hosts a daily cyber security show and so his recurring section is often – but not always – a healthy diversion from the bickering of the two main hosts.

The show is peppered with swearing, references to Star Wars and recommendations for software, television shows and movies.

It won’t take long to work out just how this podcast got its name. Be warned – if the thoughts of two old white…


Feds Indict North Korean Hackers for Years of Heists and Scams


Most surprising, perhaps, is the extent of the hackers’ alleged schemes as cryptocurrency scammers and even would-be entrepreneurs. The indictment outlines how the North Koreans—specifically Kim Il—made plans to launch a cryptocurrency token scheme called Marine Chain, which would sell a blockchain-based stake in marine vessels including cargo ships. According to the British think tank the Royal United Services Institute, Marine Chain was identified by the United Nations as a North Korean sanctions-evasion scheme in 2018; it’s not clear if it ever got off the ground.

In another cryptocurrency theft scheme, the hackers are charged with creating a long list of malicious cryptocurrency apps with names like WorldBit-Bot, iCryptoFx, Kupay Wallet, CoinGo Trade, Dorusio, Ants2Whales, and CryptoNeuro Trader, all designed to surreptitiously steal victims’ cryptocurrencies. The US Cybersecurity and Infrastructure Security Agency issued an advisory Wednesday about AppleJeus, the malware family integrated into those apps, warning that the malicious apps have been distributed by hackers posing as legitimate cryptocurrency firms, who sent the apps in phishing emails or tricked users into downloading them from fake websites. Security firm Kaspersky had warned about versions of AppleJeus as early as 2018.

The indictment demonstrates the United States’ growing willingness to indict foreign hackers for cyberattacks and cybercriminal schemes that don’t merely target US institutions, says Greg Lesnewich, a threat intelligence analyst at security firm Recorded Future. For some of the charges, he points out, Americans were impacted only as the holders of cryptocurrency stolen from international exchanges. “It’s an expansion of what the US is willing to prosecute for, even if the victims aren’t US entities,” he says.

At the same time, Lesnewich says the long arc of the crimes the indictment describes also shows North Korea has expanded its ambitions to use and steal cryptocurrency in any way that might help fund its sanctions-starved government. “They’re using very ingenious methods to steal cryptocurrency now,” says Lesnewich. “They’re clearly putting some of their ‘best’ people on…
